diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-03-10 17:21:37 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-03-13 11:16:13 +0100 |
commit | c89fd035d54f8c80cd0bbd26b9a90fcff385cbb5 (patch) | |
tree | 6db358b821ed49ef42b62a8d4623786e015480f5 /doc | |
parent | 234261f3a1a4fc88d51fde2007852c0a45e7ce8a (diff) | |
download | openssl-c89fd035d54f8c80cd0bbd26b9a90fcff385cbb5.tar.gz |
TS ESS: Let TS_RESP_verify_signature() make use of untrusted certs also from token response
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14504)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/openssl-ts.pod.in | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/doc/man1/openssl-ts.pod.in b/doc/man1/openssl-ts.pod.in index d91d06f0fd..56670752f1 100644 --- a/doc/man1/openssl-ts.pod.in +++ b/doc/man1/openssl-ts.pod.in @@ -326,12 +326,12 @@ This flag can be used together with the B<-in> option and indicates that the input is a DER encoded timestamp token (ContentInfo) instead of a timestamp response (TimeStampResp). (Optional) -=item B<-untrusted> I<cert_file.pem> +=item B<-untrusted> I<file> -Set of additional untrusted certificates in PEM format which may be -needed when building the certificate chain for the TSA's signing -certificate. This file must contain the TSA signing certificate and -all intermediate CA certificates unless the response includes them. +A set of additional untrusted certificates which may be +needed when building the certificate chain for the TSA's signing certificate. +These do not need to contain the TSA signing certificate and intermediate CA +certificates as far as the response already includes them. (Optional) =item B<-CAfile> I<file>, B<-CApath> I<dir>, B<-CAstore> I<uri> |